misc/96343: patch - rc.d order change to start inet6 before pf
Mike Oliver
michael at gargantuan.com
Wed Apr 26 04:00:30 UTC 2006
>Number: 96343
>Category: misc
>Synopsis: patch - rc.d order change to start inet6 before pf
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 26 04:00:29 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Mike Oliver
>Release: CURRENT
>Organization:
>Environment:
FreeBSD gambit.gargantuan.com 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Wed Mar 15 12:56:49 EST 2006 mwoliver at gambit.gargantuan.com:/usr/obj/usr/src/sys/GAMBIT i386
>Description:
For inet6, it looks like the link-local address isn't enough to satisfy pf so that it will load the rules, because I saw the same "rule expands to no valid combination" error when testing this config before having a non-link-local addr assigned to re0. It looks like pf is being started after the inet config, but before the inet6 config, and since there are no non-link-local addrs assigned yet, pf is failing to load the pf.conf rules.
The attached patch to change the ordering of /etc/rc.d fixes the problem completely in my case, though I don't have a facility to test any regression to isdn or ppp.
>How-To-Repeat:
Put these rules in /etc/pf.conf and reboot with the current rc.d ordering -- the rules will NOT be loaded.
antispoof quick for $int_if inet
antispoof quick for $int_if inet6
antispoof quick for $ext_if inet
antispoof quick for $ext_if inet6
>Fix:
diff -ruN /etc/rc.d.orig/NETWORKING /etc/rc.d/NETWORKING
--- /etc/rc.d.orig/NETWORKING Tue Jan 10 12:51:47 2006
+++ /etc/rc.d/NETWORKING Mon Apr 24 13:44:25 2006
@@ -5,7 +5,7 @@
#
# PROVIDE: NETWORKING NETWORK
-# REQUIRE: netif routing network_ipv6 isdnd ppp
+# REQUIRE: netif network_ipv6 routing isdnd ppp
# REQUIRE: routed mrouted route6d mroute6d
# This is a dummy dependency, for services which require networking
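Review bot: The changed REQUIRE line in NETWORKING only swaps the positions of routing and network_ipv6, and rcorder(8) does not derive any ordering from where a name sits within a REQUIRE line, so this hunk has no effect on boot order. Suggest dropping it so the patch is limited to the dependency changes that actually move scripts.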
diff -ruN /etc/rc.d.orig/atm2 /etc/rc.d/atm2
--- /etc/rc.d.orig/atm2 Tue Jan 10 12:51:47 2006
+++ /etc/rc.d/atm2 Mon Apr 24 14:17:05 2006
@@ -28,7 +28,7 @@
#
# PROVIDE: atm2
-# REQUIRE: atm1 netif
+# REQUIRE: atm1 netif ip6addrctl
# BEFORE: routing
# KEYWORD: nojail
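Review bot: The ip6addrctl added to atm2's REQUIRE line is not explained anywhere in the description, which only discusses pf and the inet6 configuration and does not mention ATM. Because atm2 stays "BEFORE: routing", this also forces ip6addrctl ahead of routing; please state why atm2 needs it or drop the hunk, since the report already says regressions outside the submitter's setup could not be tested.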
diff -ruN /etc/rc.d.orig/ip6fw /etc/rc.d/ip6fw
--- /etc/rc.d.orig/ip6fw Tue Jan 10 12:51:48 2006
+++ /etc/rc.d/ip6fw Mon Apr 24 14:14:09 2006
@@ -4,8 +4,8 @@
#
# PROVIDE: ip6fw
-# REQUIRE: routing
-# BEFORE: network_ipv6
+# REQUIRE: network_ipv6 routing
+# BEFORE: NETWORKING
# KEYWORD: nojail
. /etc/rc.subr
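Review bot: Replacing "BEFORE: network_ipv6" with "REQUIRE: network_ipv6 routing" in ip6fw reverses the order, so IPv6 is configured before the ip6fw rules are loaded, where previously the filter came first. Keeping the old lines would form a loop with the routing hunk (routing requires network_ipv6, ip6fw requires routing and runs before network_ipv6), so the change is forced by the rest of the patch, but the reported failure is in pf, not ip6fw. Please call out in the description that ip6fw users get a period at boot with IPv6 configured and no ip6fw rules in place.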
diff -ruN /etc/rc.d.orig/mroute6d /etc/rc.d/mroute6d
--- /etc/rc.d.orig/mroute6d Tue Jan 10 12:51:48 2006
+++ /etc/rc.d/mroute6d Mon Apr 24 14:05:19 2006
@@ -4,7 +4,7 @@
#
# PROVIDE: mroute6d
-# REQUIRE: network_ipv6
+# REQUIRE: network_ipv6 routing
# KEYWORD: nojail
. /etc/rc.subr
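Review bot: The routing added to mroute6d's REQUIRE line looks like compensation for network_ipv6 no longer requiring routing, which used to place mroute6d after routing transitively. That reasoning is missing from the description; please add it so this hunk is not read as an unrelated change.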
diff -ruN /etc/rc.d.orig/network_ipv6 /etc/rc.d/network_ipv6
--- /etc/rc.d.orig/network_ipv6 Tue Jan 10 12:51:48 2006
+++ /etc/rc.d/network_ipv6 Mon Apr 24 13:41:07 2006
@@ -29,7 +29,7 @@
#
# PROVIDE: network_ipv6
-# REQUIRE: routing
+# REQUIRE: mountcritlocal
# KEYWORD: nojail
. /etc/rc.subr
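Review bot: With "REQUIRE: routing" replaced by "REQUIRE: mountcritlocal", network_ipv6 no longer depends on netif at all: the old ordering got that transitively through routing ("REQUIRE: netif ppp"), and the new line does not restate it. Nothing visible in this patch then stops rcorder from placing network_ipv6 ahead of interface configuration. Suggest "# REQUIRE: mountcritlocal netif", and decide explicitly whether the lost ordering after ppp matters.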
diff -ruN /etc/rc.d.orig/pf /etc/rc.d/pf
--- /etc/rc.d.orig/pf Mon Apr 24 10:36:10 2006
+++ /etc/rc.d/pf Mon Apr 24 14:12:38 2006
@@ -4,7 +4,7 @@
#
# PROVIDE: pf
-# REQUIRE: root mountcritlocal netif pflog pfsync
+# REQUIRE: root mountcritlocal netif network_ipv6 pflog pfsync
# BEFORE: routing
# KEYWORD: nojail
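Review bot: Adding network_ipv6 to pf's REQUIRE line means IPv6 addresses are configured before any pf ruleset is loaded, and the description does not mention that consequence. Please state the trade-off in the PR, since the only motivation given is that the antispoof rules fail to expand without a non-link-local address.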
diff -ruN /etc/rc.d.orig/pflog /etc/rc.d/pflog
--- /etc/rc.d.orig/pflog Mon Apr 24 10:36:15 2006
+++ /etc/rc.d/pflog Mon Apr 24 14:12:28 2006
@@ -4,7 +4,7 @@
#
# PROVIDE: pflog
-# REQUIRE: root mountcritlocal netif cleanvar
+# REQUIRE: root mountcritlocal netif network_ipv6 cleanvar
# KEYWORD: nojail
. /etc/rc.subr
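Review bot: The network_ipv6 added to pflog's REQUIRE line is not needed to get pf after the IPv6 configuration, because the pf hunk already requires network_ipv6 directly. Unless pflog itself fails without IPv6 addresses, which the description does not claim, drop this addition to keep the dependency graph minimal.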
diff -ruN /etc/rc.d.orig/pfsync /etc/rc.d/pfsync
--- /etc/rc.d.orig/pfsync Mon Apr 24 10:36:23 2006
+++ /etc/rc.d/pfsync Mon Apr 24 14:20:25 2006
@@ -4,7 +4,7 @@
#
# PROVIDE: pfsync
-# REQUIRE: root mountcritlocal netif
+# REQUIRE: root mountcritlocal netif network_ipv6
# KEYWORD: nojail
. /etc/rc.subr
diff -ruN /etc/rc.d.orig/route6d /etc/rc.d/route6d
--- /etc/rc.d.orig/route6d Tue Jan 10 12:51:49 2006
+++ /etc/rc.d/route6d Mon Apr 24 14:05:09 2006
@@ -5,7 +5,7 @@
#
# PROVIDE: route6d
-# REQUIRE: network_ipv6
+# REQUIRE: network_ipv6 routing
# KEYWORD: nojail
. /etc/rc.subr
diff -ruN /etc/rc.d.orig/routing /etc/rc.d/routing
--- /etc/rc.d.orig/routing Tue Jan 10 12:51:49 2006
+++ /etc/rc.d/routing Mon Apr 24 13:41:59 2006
@@ -6,7 +6,7 @@
#
# PROVIDE: routing
-# REQUIRE: netif ppp
+# REQUIRE: netif network_ipv6 ppp
# KEYWORD: nojail
. /etc/rc.subr
>Release-Note:
>Audit-Trail:
>Unformatted:
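The ordering problem described in this report can be checked mechanically. The following is an added example, not part of the original report or of FreeBSD's rc.d: it models only the REQUIRE/BEFORE lines shown on the two sides of the patch for four scripts, assumes each script PROVIDEs its own name, and answers whether one script is forced to run before another.

```python
import re

# REQUIRE/BEFORE lines copied from the "-" and "+" sides of the patch above.
# Assumption: each script PROVIDEs its own file name; other scripts are ignored.
ORIG = {
    "routing": "# REQUIRE: netif ppp",
    "network_ipv6": "# REQUIRE: routing",
    "pf": "# REQUIRE: root mountcritlocal netif pflog pfsync\n# BEFORE: routing",
    "ip6fw": "# REQUIRE: routing\n# BEFORE: network_ipv6",
}
PATCHED = {
    "routing": "# REQUIRE: netif network_ipv6 ppp",
    "network_ipv6": "# REQUIRE: mountcritlocal",
    "pf": "# REQUIRE: root mountcritlocal netif network_ipv6 pflog pfsync\n"
          "# BEFORE: routing",
    "ip6fw": "# REQUIRE: network_ipv6 routing\n# BEFORE: NETWORKING",
}

def edges(headers):
    """Return {a: {b, ...}} where a must run before each b."""
    before = {}
    for name, text in headers.items():
        for kind, names in re.findall(r"^# (REQUIRE|BEFORE):\s*(.*)$", text, re.M):
            for other in names.split():
                # "X REQUIRE Y" orders Y first; "X BEFORE Y" orders X first.
                first, second = (other, name) if kind == "REQUIRE" else (name, other)
                before.setdefault(first, set()).add(second)
    return before

def must_precede(headers, a, b):
    """True if the constraints force a to run before b, directly or transitively."""
    graph, seen, stack = edges(headers), set(), [a]
    while stack:
        for nxt in graph.get(stack.pop(), ()):
            if nxt == b:
                return True
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return False

if __name__ == "__main__":
    for label, hdrs in (("original", ORIG), ("patched", PATCHED)):
        print(label,
              "pf<-network_ipv6:", must_precede(hdrs, "network_ipv6", "pf"),
              "network_ipv6<-netif:", must_precede(hdrs, "netif", "network_ipv6"))
```

A False result only means the modelled lines do not force that order; scripts outside the patch may still constrain it on a real system.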